Re: [BK PATCH] LSM changes for 2.5.59

From: Stephen D. Smalley (sdsat_private)
Date: Thu Feb 06 2003 - 07:02:37 PST

  • Next message: James Morris: "[PATCH] LSM networking update: summary (0/5)"

    Christoph Hellwig wrote:
    > The wrong thing here is that you pass in the object itself, not
    > it's ACC-relevant attributes.
    
    That's no different than permission(), and it is the style of interface
    suggested by Linus originally for LSM.  SELinux did provide an
    interface more akin to what you describe (passing the security
    identifiers of the process and relevant objects and a value indicating
    the operation).  But SELinux was also more tightly integrated into the
    kernel.  The original guidance for LSM was to simply pass the objects
    and to use separate hooks for different operations, moving the
    processing entirely into the module.
    
    Bringing this all up now is definitely pointless.  LSM wasn't developed
    in secret, and you could have made your case for a different
    approach/interface at the very beginning.  If you had made a case early
    on, and had gotten Linus to sign off on it, then we certainly wouldn't
    have objected to such an approach.
    
    > No it seems not pointless.  You add tons of undesigned cruft to 2.5 that
    > will have to be maintained through all of 2.6. unless Linus hopefully
    > pulls the plug soon enough.  You still haven't even submitted a single
    > example that actually uses LSM into mainline.
    
    Not undesigned, but designed to meet guidance with which you disagree.
    There is a difference.
    
    The capabilities module is one example, albeit a limited one.  As for
    modules like SELinux, it seems better to wait until all of the
    necessary hooks have either been accepted or definitively rejected
    before submitting an adapted form of the module for mainline.  After
    this set of changes, the only thing remaining is the networking hooks,
    which have already gone through a feedback cycle with the networking
    maintainers and are being pruned and revised accordingly.
    
    --
    Stephen Smalley, NSA
    sdsat_private
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 06:58:00 PST